netfilter: conntrack: add and use nf_l4proto_log_invalid

We currently pass down the l4 protocol to the conntrack ->packet() function, but the only user of this is the debug info decision. Same information can be derived from struct nf_conn. As a first step, add and use a new log function for this, similar to nf_ct_helper_log(). Add __cold annotation -- invalid packets should be infrequent so gcc can consider all call paths that lead to such a function as unlikely. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2017-10-11 10:47:40 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-10-24 18:01:49 +0200
commit: c4f3db15958277c03d1c324894255ea3ecbf86e1 (patch)
tree: 0652feccc1b2ecc9040bc6a051a8c41e96d620db /net/netfilter/nf_conntrack_proto_sctp.c
parent: 2420770b3fe56ca97ecf34e230762cd9f3296dae (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index 6303a88af12b..aa630c561361 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -522,8 +522,7 @@ static int sctp_error(struct net *net, struct nf_conn *tpl, struct sk_buff *skb,
 	}
 	return NF_ACCEPT;
 out_invalid:
-	if (LOG_INVALID(net, IPPROTO_SCTP))
-		nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, "%s", logmsg);
+	nf_l4proto_log_invalid(skb, net, pf, IPPROTO_SCTP, "%s", logmsg);
 	return -NF_ACCEPT;
 }
author	Florian Westphal <fw@strlen.de>	2017-10-11 10:47:40 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-10-24 18:01:49 +0200
commit	c4f3db15958277c03d1c324894255ea3ecbf86e1 (patch)
tree	0652feccc1b2ecc9040bc6a051a8c41e96d620db /net/netfilter/nf_conntrack_proto_sctp.c
parent	2420770b3fe56ca97ecf34e230762cd9f3296dae (diff)